Confidentiality of Personal Identification Number
Confidentiality
While using the ATM the user’s identity is verified by the system through the confidential PIN. This is unique combination of four digits. When any ATM card is swiped on the ATM, the PIN with the card number and further operations are completed. Therefore, it is important to make the PIN and other related transactional data confidential so that no one can intercept the data to get the details in order to complete malicious activities. This includes the following techniques to get the transmitted data,
Don't use plagiarized sources. Get Your Custom Essay on
Importance Of Confidentiality, Integrity, And Availability In An ATM System And Biometric Authentication
Just from $13/Page
Eavesdropping: In this technique the attacker or the eavesdropper establishes connection with the data transmission channel. After this the attacker is able to intercept the unauthorized data. This is the most common types attacks to the data transmission networks.
In order to ensure the security of the data, one of the most popular technique is encryption. This technique confirms that only the intended people or system (who has the decryption key) can read the information. One of the very noticeable example of using encryption to protect the data is SSL/TLS. The SSL is a security protocol for data transmissions or communications over the internet channel. This protocol has been used along with numerous other protocols to ensure security of the transmitted channel.
Confidentiality of data may lead to the adverse impact of the user as well on the financial institutions who provides the services to their customers. Therefore, its degree of importance is high.
Integrity of data is about the protecting the data from the unauthorized modifications while it is in the transmission channel. Wrong or modified information can have severe impact on the users of the data (in this case the Customer who uses the ATM).
For the information systems used in the financial institutions the information has value if and only if its correct. As an example, in case the user entered the value of $500 do with transfer from his/her account to another account and this data changed by the hackers or network intruder to $5000. This modification or the modification related to the receiving account can lead to the economic loss of the user. Lack of integrity of the transmitted data can be secured using the SSL and different encryption techniques thus its degree of importance is marked as moderate.
Availability
Availability of the data refers to the easy and efficient access to the data by any authorized parties at any given point of time. Hackers or the intruders may affect the availability of the information with different kind of attacks such as DoS (Denial of Service Attacks). For the users of the ATM or the financial institutions can be very costly as they would not be able reach the services or the data they need to complete their routine operations.
Integrity of Data
Therefore, it is important to have offline back up of the data in order to maintain the availability of the data to the users of the data. Periodical backup of the data is helpful in reducing the damage cost by this kind of attack. As availability of the data and the services can be maintained with some basic precautions thus the degree of importance is moderate.
As given, the thief has broken the five of the ten keys on the board that are utilized by the customers or the users to enter their PIN’s. except the five broken keys on the board, the client was able to enter their card PIN utilizing those remaining five keys. Therefore, it is evident that, the combination of the remaining five keys holds the PIN of the customer.
Here hypothetically it can be assumed that the, the thief will be attempting with different digit combinations while changing the order of the digit in the PIN.As the PIN of an ATM card can start with the 0, and if the 0 key is still intact therefore the thief can use the that as one of the numbers at the initial position of the PIN. Thus, here the order of the digits is significant therefore we will use the theory of the Permutation in this case.
In this manner the thief needs to attempt and get the 4-digit PIN utilizing different mix from the five keys which will be given by 5P4 = 5! / (5-4)!
Therefore, number of trials for the thief to figure out the PIN is 5! /1=120.
Even though the Biometric is considered as the next level authentication technique or strategy, but there are some issues relate to this for which people still hesitate to use this. in the present day, there are mainly three types or biometric authentication techniques are used which are discussed below,
Fingerprint recognition: It is one of the widely used technique of biometric authentication process. Initially it was used in law enforcement in UK (in the 1900’s). use of this technique revolutionized criminal investigation.
Voice recognition: This technique is used to verify the user’s identity based on the characteristics of their voice. It is often confused with the Speech Recognition.
Following are the reason for which the users hesitate to use the biometric systems,
The biometrics particularly recognizes the clients or people contingent upon the information identified with their fingerprints, iris and face. In this way, any sort of damage to the iris, fingerprints and face or absence of precision of the related information can prompt in negative response from the deployed framework during the time spent perceiving the individual or client.
Availability of Data and Services
Notwithstanding that, integrity of data that is required for biometric validation does not private information. Match of the related information put away in the database primarily relies upon proficient capture of the live examples from the users of the system or behavioural information keeping in mind the end goal to coordinate with the predefined information or format.
Another issue that make the users reluctant to use the biometric systems is the risk of potential abuse of the client’s information. It is additionally a cause of concern from the part of protection of data. The stolen information of a client can be utilized to get to very secured zone or entry to finish any sort of criminal action.
For instance, of absence of security of validation by the bio metric lead to prompting false positive. As an example, some smartphones which opens itself by examining the Iris of its proprietor, for this smart phones hackers were successful to unlock them by utilizing a contact focal point on the picture of the client’s eye which prompt opening the telephone.
Attackers or the intruders have discovered many strategies in order to sidestep numerous current biometric authentication systems. For instance, a hacker named Jan Krissler utilized high-resolution photographs of a German Minister, to hack the authentication process using unique finger print verification.
The same person additionally hacked the Apple’s TouchID. Utilizing a unique finger print smudge left on the screen. Which resembles leaving a post-it note with password of the system on the screen.
There are likewise substantially greater consequences for stolen biometric information than for stolen passwords (however this might be a result of the esteem we put on it as an impeccable identifier). Biometric information is greatly individual and remarkable… in principle. However, in the event that somebody hacks and gets the biometric data, they can utilize it to distort things like authoritative reports and criminal records.
False negative and false positive are sorts of issues of the biometric authentication systems. False negative is indicated to the circumstance when because of some precision issues the biometric framework rejects a valid users access to some data or premises.
The risk of misuse is a conceivable region where facial recognition can be a casualty. Utilizing the system in daylight places, for example, airport terminals depends on video checking worked by human. This can be abused with administrators conveying their preferences and predisposition dispositions to the activity. While facial recognition can be utilized to secure private data about the user/client, it can just as simple be utilized to attack individuals’ privacy. The data from the system can be sent as a detached biometric where it can take a photo when the user is completely unconscious of the camera. It does not require the learning, assent or support of the subject.
Maximum Number of Trials for Discovering Customer’s PIN
Facial recognition programming is poor at dealing with changes in lightning, camera points and pictures with dynamic foundations, scrutinizing its utilization for observation in occupied, quick moving swarmed regions, for example, airplane terminals and malls. Iris-filter innovation requires a tolerably controlled condition and an agreeable client to communicate with the framework. The clients most hold their head in the right position and remain still for the output for a couple of moments. As simple as it sounds, it can turn into an issue for clients until the point that they end up acclimated with the frameworks activities, this turns out to be to a lesser degree an issue in applications where the connection with the framework is visit. The high exactness comes about expressed by the providers of iris innovation may exaggerate the genuine world effectiveness of the innovation. The blunder rates and high testing outcomes are done on perfect iris pictures, which is once in a while not the situation in reality, in actuality, applications.
Finger print authentication systems frameworks have a critical issue where a level of clients cannot select in numerous frameworks. Moreover, certain ethnic and statistic bunches have low quality fingerprints and demonstrate hard to select; this likewise incorporates the elderly and manual workers. This requires another technique for validation required for these clients/users, which can bring down the entire security structure of the organization by returning to customary methods for passwords and token base for the choice of clients who cannot select.
Then again, the false positive is referred to the circumstance in which because of breakdowns in the framework the biometric frameworks enable an unapproved user to get to a confined premises or computerized account through going by the Biometric verification process. The Biometric system developing vendors can tune or modify the reject or acceptance rate for a given system. This should be possible by enhancing the span of the biometric layout, or expanding the certainty interim between two sequential access endeavours after one neglects to do as such.
In case of finding a match from the templates stored in the database, for the most part it relies upon the measurable correlation of the live data capture of the biometric data and not on some Boolean reaction (Yes or No) generated from the system. So as to keep away from the circumstances of false positive or false negative it is informed to just expand the likelihood with respect to false rejects. Then again, setting high acceptance level in the biometric system likewise supportive in order to reducing the likelihood of false negatives.
Challenges and Objections to Biometric Authentication
Example 1: In case a user who is a health specialist who direly needs stored data in a computer system or need to access a restricted premise but due to false negative by the biometric system, non-accessibility could involve severe results or even death of patients. On the off chance that a user stores profoundly secret data on a system, giving a fake user or intruder a chance to get the data could have extremely negative outcomes.
Example2: In any IT service providing organization if any how the servers of the organization get down due to some technical issue or breach, then the experts need to access the restricted premises of the servers in order to save the data and protect the data. in this case if the expert is restrained by a false negative signal, then it may result in huge loss of business as well as data of its clients.
Utilization of Transposition technique for scrambling or hide the information is more productive than the basic Caesar cipher encryption technique. If there should be an occurrence of the Caesar figure the it just changes the content by substitution, then again the Transposition Cipher it changes the request of the letters.
The principle idea behind this strategy is, to produce a arrangement of the letters of a given string in plaintext. This encryption strategy makes the encoded or figure content to be very much scrambled.
Figures or the cipher texts created utilizing the Transposition procedure is considered as exceptionally secure as they don’t change the letters in the word. This can be useful in giving more secure techniques for encryption.
The given cipher text is, NTJWKHXK AMK WWUJJYZTX MWKXZKUHE.
In order to decipher the text, we have use the numerical positions of the alphabets as follows,
A=1, B=2, C=3, D=4, E=5, F =6, G=7, H=8, I =9, J = 10;
K = 11, L = 12, M = 13, N = 14, O = 15, P = 16;
Q = 17, R = 18, S = 19, T = 20;
U = 21, V = 22, W = 23, X = 24, Y = 25, Z = 26.
From here we found the following tables related to the numeric positions of the letters in the given cipher text.
N T J W K H X K
14 20 10 23 11 8 24 11.
A M K
1 13 11
W W U J J Y Z T X
23 23 21 10 10 25 26 20 24
M W K X Z K U H E
13 23 11 24 26 11 21 8 5
After utilizing the given key 234 we get the following resultant,
N T J W K H X K
14 20 10 23 11 8 24 11.
12 17 6 21 8 4 22 8
Second phrase,
A M K
1 13 11
23 11 8
Third phrase
W W U J J Y Z T X
23 23 21 10 10 25 26 20 24
19 21 18 6 8 22 22 18 21
And for the last phrase,
M W K X Z K U H E
13 23 11 24 26 11 21 8 5
9 21 8 20 24 8 17 6 2
Now again after using the Caesar cipher decryption shifts we get the following,
N T J W K H X K
14 20 10 23 11 8 24 11.
12 17 6 21 8 4 22 8
9 14 3 18 5 1 19 5
Second phrase,
A M K
1 13 11
23 11 8
20 8 5
Third phrase
W W U J J Y Z T X
23 23 21 10 10 25 26 20 24
19 21 18 6 8 22 22 18 21
16 18 15 3 5 19 19 15 18
Fourth phrase
M W K X Z K U H E
13 23 11 24 26 11 21 8 5
9 21 8 20 24 8 17 6 2
6 18 5 17 21 5 14 3 25
From the decrypted values we get the following words arranging the letters according to the numeric positions;
9 14 3 18 5 1 19 5
I N C R E A S E
The second word,
20 8 5
T H E
Third word,
16 18 15 3 5 19 19 15 18
P R O C E S S O R
Fourth one,
6 18 5 17 21 5 14 3 25
F R E Q U E N C Y
Therefore, the decrypted text is,
Increase The Processor Frequen Cy
